diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index c10ad38..72018ee 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -3381,7 +3381,7 @@ index 644d4d7..51181b8 100644
 +/usr/lib/ruby/gems/.*/agents(/.*)?		gen_context(system_u:object_r:bin_t,s0)
 +/usr/lib/virtualbox/VBoxManage		--	gen_context(system_u:object_r:bin_t,s0)
 diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
-index 9e9263a..979f47f 100644
+index 9e9263a..43cdcb9 100644
 --- a/policy/modules/kernel/corecommands.if
 +++ b/policy/modules/kernel/corecommands.if
 @@ -8,6 +8,22 @@
@@ -3508,7 +3508,15 @@ index 9e9263a..979f47f 100644
  	mmap_files_pattern($1, bin_t, bin_t)
  ')
  
-@@ -954,6 +999,24 @@ interface(`corecmd_exec_chroot',`
+@@ -945,6 +990,7 @@ interface(`corecmd_shell_domtrans',`
+ interface(`corecmd_exec_chroot',`
+ 	gen_require(`
+ 		type chroot_exec_t;
++        type bin_t;
+ 	')
+ 
+ 	read_lnk_files_pattern($1, bin_t, bin_t)
+@@ -954,6 +1000,24 @@ interface(`corecmd_exec_chroot',`
  
  ########################################
  ## <summary>
@@ -3533,7 +3541,7 @@ index 9e9263a..979f47f 100644
  ##	Get the attributes of all executable files.
  ## </summary>
  ## <param name="domain">
-@@ -1012,6 +1075,10 @@ interface(`corecmd_exec_all_executables',`
+@@ -1012,6 +1076,10 @@ interface(`corecmd_exec_all_executables',`
  	can_exec($1, exec_type)
  	list_dirs_pattern($1, bin_t, bin_t)
  	read_lnk_files_pattern($1, bin_t, exec_type)
@@ -3544,7 +3552,7 @@ index 9e9263a..979f47f 100644
  ')
  
  ########################################
-@@ -1049,6 +1116,7 @@ interface(`corecmd_manage_all_executables',`
+@@ -1049,6 +1117,7 @@ interface(`corecmd_manage_all_executables',`
  		type bin_t;
  	')
  
@@ -3552,7 +3560,7 @@ index 9e9263a..979f47f 100644
  	manage_files_pattern($1, bin_t, exec_type)
  	manage_lnk_files_pattern($1, bin_t, bin_t)
  ')
-@@ -1091,3 +1159,36 @@ interface(`corecmd_mmap_all_executables',`
+@@ -1091,3 +1160,36 @@ interface(`corecmd_mmap_all_executables',`
  
  	mmap_files_pattern($1, bin_t, exec_type)
  ')
@@ -18381,10 +18389,10 @@ index 0000000..cf6582f
 +
 diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
 new file mode 100644
-index 0000000..3c3b9b3
+index 0000000..d74943c
 --- /dev/null
 +++ b/policy/modules/roles/unconfineduser.te
-@@ -0,0 +1,331 @@
+@@ -0,0 +1,332 @@
 +policy_module(unconfineduser, 1.0.0)
 +
 +########################################
@@ -18574,6 +18582,7 @@ index 0000000..3c3b9b3
 +
 +optional_policy(`
 +	dbus_role_template(unconfined, unconfined_r, unconfined_t)
++    role system_r types unconfined_dbusd_t;
 +
 +	optional_policy(`
 +		unconfined_domain(unconfined_dbusd_t)
@@ -22530,7 +22539,7 @@ index 6bf0ecc..d740738 100644
 +	dontaudit $1 xserver_log_t:dir search_dir_perms;
 +')
 diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
-index 2696452..63fd06a 100644
+index 2696452..0426df3 100644
 --- a/policy/modules/services/xserver.te
 +++ b/policy/modules/services/xserver.te
 @@ -26,28 +26,59 @@ gen_require(`
@@ -22876,7 +22885,7 @@ index 2696452..63fd06a 100644
  	ssh_sigchld(xauth_t)
  	ssh_read_pipes(xauth_t)
  	ssh_dontaudit_rw_tcp_sockets(xauth_t)
-@@ -299,64 +408,108 @@ optional_policy(`
+@@ -299,64 +408,109 @@ optional_policy(`
  # XDM Local policy
  #
  
@@ -22903,10 +22912,11 @@ index 2696452..63fd06a 100644
  allow xdm_t self:socket create_socket_perms;
  allow xdm_t self:appletalk_socket create_socket_perms;
  allow xdm_t self:key { search link write };
++allow xdm_t self:dbus { send_msg acquire_svc };
++
++allow xdm_t xauth_home_t:file manage_file_perms;
  
 -allow xdm_t xconsole_device_t:fifo_file { getattr setattr };
-+allow xdm_t xauth_home_t:file manage_file_perms;
-+
 +allow xdm_t xconsole_device_t:fifo_file { getattr_fifo_file_perms setattr_fifo_file_perms };
 +manage_dirs_pattern(xdm_t, xkb_var_lib_t, xkb_var_lib_t)
 +manage_files_pattern(xdm_t, xkb_var_lib_t, xkb_var_lib_t)
@@ -22995,7 +23005,7 @@ index 2696452..63fd06a 100644
  
  # connect to xdm xserver over stream socket
  stream_connect_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t, xserver_t)
-@@ -365,20 +518,27 @@ stream_connect_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t, xserver_t)
+@@ -365,20 +519,27 @@ stream_connect_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t, xserver_t)
  delete_files_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t)
  delete_sock_files_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t)
  
@@ -23025,7 +23035,7 @@ index 2696452..63fd06a 100644
  corenet_all_recvfrom_netlabel(xdm_t)
  corenet_tcp_sendrecv_generic_if(xdm_t)
  corenet_udp_sendrecv_generic_if(xdm_t)
-@@ -388,38 +548,48 @@ corenet_tcp_sendrecv_all_ports(xdm_t)
+@@ -388,38 +549,48 @@ corenet_tcp_sendrecv_all_ports(xdm_t)
  corenet_udp_sendrecv_all_ports(xdm_t)
  corenet_tcp_bind_generic_node(xdm_t)
  corenet_udp_bind_generic_node(xdm_t)
@@ -23078,7 +23088,7 @@ index 2696452..63fd06a 100644
  
  files_read_etc_files(xdm_t)
  files_read_var_files(xdm_t)
-@@ -430,9 +600,28 @@ files_list_mnt(xdm_t)
+@@ -430,9 +601,28 @@ files_list_mnt(xdm_t)
  files_read_usr_files(xdm_t)
  # Poweroff wants to create the /poweroff file when run from xdm
  files_create_boot_flag(xdm_t)
@@ -23107,7 +23117,7 @@ index 2696452..63fd06a 100644
  
  storage_dontaudit_read_fixed_disk(xdm_t)
  storage_dontaudit_write_fixed_disk(xdm_t)
-@@ -441,28 +630,45 @@ storage_dontaudit_raw_read_removable_device(xdm_t)
+@@ -441,28 +631,45 @@ storage_dontaudit_raw_read_removable_device(xdm_t)
  storage_dontaudit_raw_write_removable_device(xdm_t)
  storage_dontaudit_setattr_removable_dev(xdm_t)
  storage_dontaudit_rw_scsi_generic(xdm_t)
@@ -23156,7 +23166,7 @@ index 2696452..63fd06a 100644
  
  userdom_dontaudit_use_unpriv_user_fds(xdm_t)
  userdom_create_all_users_keys(xdm_t)
-@@ -471,24 +677,144 @@ userdom_read_user_home_content_files(xdm_t)
+@@ -471,24 +678,144 @@ userdom_read_user_home_content_files(xdm_t)
  # Search /proc for any user domain processes.
  userdom_read_all_users_state(xdm_t)
  userdom_signal_all_users(xdm_t)
@@ -23307,7 +23317,7 @@ index 2696452..63fd06a 100644
  tunable_policy(`xdm_sysadm_login',`
  	userdom_xsession_spec_domtrans_all_users(xdm_t)
  	# FIXME:
-@@ -502,11 +828,26 @@ tunable_policy(`xdm_sysadm_login',`
+@@ -502,11 +829,26 @@ tunable_policy(`xdm_sysadm_login',`
  ')
  
  optional_policy(`
@@ -23334,7 +23344,7 @@ index 2696452..63fd06a 100644
  ')
  
  optional_policy(`
-@@ -514,12 +855,56 @@ optional_policy(`
+@@ -514,12 +856,56 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -23391,7 +23401,7 @@ index 2696452..63fd06a 100644
  	hostname_exec(xdm_t)
  ')
  
-@@ -537,28 +922,78 @@ optional_policy(`
+@@ -537,28 +923,78 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -23479,7 +23489,7 @@ index 2696452..63fd06a 100644
  ')
  
  optional_policy(`
-@@ -570,6 +1005,14 @@ optional_policy(`
+@@ -570,6 +1006,14 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -23494,7 +23504,7 @@ index 2696452..63fd06a 100644
  	xfs_stream_connect(xdm_t)
  ')
  
-@@ -594,8 +1037,11 @@ allow xserver_t input_xevent_t:x_event send;
+@@ -594,8 +1038,11 @@ allow xserver_t input_xevent_t:x_event send;
  # execheap needed until the X module loader is fixed.
  # NVIDIA Needs execstack
  
@@ -23507,7 +23517,7 @@ index 2696452..63fd06a 100644
  allow xserver_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
  allow xserver_t self:fd use;
  allow xserver_t self:fifo_file rw_fifo_file_perms;
-@@ -608,8 +1054,15 @@ allow xserver_t self:unix_dgram_socket { create_socket_perms sendto };
+@@ -608,8 +1055,15 @@ allow xserver_t self:unix_dgram_socket { create_socket_perms sendto };
  allow xserver_t self:unix_stream_socket { create_stream_socket_perms connectto };
  allow xserver_t self:tcp_socket create_stream_socket_perms;
  allow xserver_t self:udp_socket create_socket_perms;
@@ -23523,7 +23533,7 @@ index 2696452..63fd06a 100644
  manage_dirs_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
  manage_files_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
  manage_sock_files_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
-@@ -617,6 +1070,10 @@ files_tmp_filetrans(xserver_t, xserver_tmp_t, { file dir sock_file })
+@@ -617,6 +1071,10 @@ files_tmp_filetrans(xserver_t, xserver_tmp_t, { file dir sock_file })
  
  filetrans_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t, sock_file)
  
@@ -23534,7 +23544,7 @@ index 2696452..63fd06a 100644
  manage_dirs_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t)
  manage_files_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t)
  manage_lnk_files_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t)
-@@ -628,12 +1085,19 @@ manage_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t)
+@@ -628,12 +1086,19 @@ manage_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t)
  manage_lnk_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t)
  files_search_var_lib(xserver_t)
  
@@ -23556,7 +23566,7 @@ index 2696452..63fd06a 100644
  
  kernel_read_system_state(xserver_t)
  kernel_read_device_sysctls(xserver_t)
-@@ -641,12 +1105,12 @@ kernel_read_modprobe_sysctls(xserver_t)
+@@ -641,12 +1106,12 @@ kernel_read_modprobe_sysctls(xserver_t)
  # Xorg wants to check if kernel is tainted
  kernel_read_kernel_sysctls(xserver_t)
  kernel_write_proc_files(xserver_t)
@@ -23570,7 +23580,7 @@ index 2696452..63fd06a 100644
  corenet_all_recvfrom_netlabel(xserver_t)
  corenet_tcp_sendrecv_generic_if(xserver_t)
  corenet_udp_sendrecv_generic_if(xserver_t)
-@@ -667,23 +1131,28 @@ dev_rw_apm_bios(xserver_t)
+@@ -667,23 +1132,28 @@ dev_rw_apm_bios(xserver_t)
  dev_rw_agp(xserver_t)
  dev_rw_framebuffer(xserver_t)
  dev_manage_dri_dev(xserver_t)
@@ -23602,7 +23612,7 @@ index 2696452..63fd06a 100644
  
  # brought on by rhgb
  files_search_mnt(xserver_t)
-@@ -694,7 +1163,16 @@ fs_getattr_xattr_fs(xserver_t)
+@@ -694,7 +1164,16 @@ fs_getattr_xattr_fs(xserver_t)
  fs_search_nfs(xserver_t)
  fs_search_auto_mountpoints(xserver_t)
  fs_search_ramfs(xserver_t)
@@ -23620,7 +23630,7 @@ index 2696452..63fd06a 100644
  mls_xwin_read_to_clearance(xserver_t)
  
  selinux_validate_context(xserver_t)
-@@ -708,20 +1186,18 @@ init_getpgid(xserver_t)
+@@ -708,20 +1187,18 @@ init_getpgid(xserver_t)
  term_setattr_unallocated_ttys(xserver_t)
  term_use_unallocated_ttys(xserver_t)
  
@@ -23644,7 +23654,7 @@ index 2696452..63fd06a 100644
  
  userdom_search_user_home_dirs(xserver_t)
  userdom_use_user_ttys(xserver_t)
-@@ -729,8 +1205,6 @@ userdom_setattr_user_ttys(xserver_t)
+@@ -729,8 +1206,6 @@ userdom_setattr_user_ttys(xserver_t)
  userdom_read_user_tmp_files(xserver_t)
  userdom_rw_user_tmpfs_files(xserver_t)
  
@@ -23653,7 +23663,7 @@ index 2696452..63fd06a 100644
  ifndef(`distro_redhat',`
  	allow xserver_t self:process { execmem execheap execstack };
  	domain_mmap_low_uncond(xserver_t)
-@@ -775,16 +1249,44 @@ optional_policy(`
+@@ -775,16 +1250,44 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -23699,7 +23709,7 @@ index 2696452..63fd06a 100644
  	unconfined_domtrans(xserver_t)
  ')
  
-@@ -793,6 +1295,10 @@ optional_policy(`
+@@ -793,6 +1296,10 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -23710,7 +23720,7 @@ index 2696452..63fd06a 100644
  	xfs_stream_connect(xserver_t)
  ')
  
-@@ -808,10 +1314,10 @@ allow xserver_t xdm_t:shm rw_shm_perms;
+@@ -808,10 +1315,10 @@ allow xserver_t xdm_t:shm rw_shm_perms;
  
  # NB we do NOT allow xserver_t xdm_var_lib_t:dir, only access to an open
  # handle of a file inside the dir!!!
@@ -23724,7 +23734,7 @@ index 2696452..63fd06a 100644
  
  # Label pid and temporary files with derived types.
  manage_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
-@@ -819,7 +1325,7 @@ manage_lnk_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
+@@ -819,7 +1326,7 @@ manage_lnk_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
  manage_sock_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
  
  # Run xkbcomp.
@@ -23733,7 +23743,7 @@ index 2696452..63fd06a 100644
  can_exec(xserver_t, xkb_var_lib_t)
  
  # VNC v4 module in X server
-@@ -832,26 +1338,21 @@ init_use_fds(xserver_t)
+@@ -832,26 +1339,21 @@ init_use_fds(xserver_t)
  # to read ROLE_home_t - examine this in more detail
  # (xauth?)
  userdom_read_user_home_content_files(xserver_t)
@@ -23768,7 +23778,7 @@ index 2696452..63fd06a 100644
  ')
  
  optional_policy(`
-@@ -902,7 +1403,7 @@ allow x_domain xproperty_t:x_property { getattr create read write append destroy
+@@ -902,7 +1404,7 @@ allow x_domain xproperty_t:x_property { getattr create read write append destroy
  allow x_domain root_xdrawable_t:x_drawable { getattr setattr list_child add_child remove_child send receive hide show };
  # operations allowed on my windows
  allow x_domain self:x_drawable { create destroy getattr setattr read write show hide list_child add_child remove_child manage send receive };
@@ -23777,7 +23787,7 @@ index 2696452..63fd06a 100644
  # operations allowed on all windows
  allow x_domain x_domain:x_drawable { getattr get_property set_property remove_child };
  
-@@ -956,11 +1457,31 @@ allow x_domain self:x_resource { read write };
+@@ -956,11 +1458,31 @@ allow x_domain self:x_resource { read write };
  # can mess with the screensaver
  allow x_domain xserver_t:x_screen { getattr saver_getattr };
  
@@ -23809,7 +23819,7 @@ index 2696452..63fd06a 100644
  tunable_policy(`! xserver_object_manager',`
  	# should be xserver_unconfined(x_domain),
  	# but typeattribute doesnt work in conditionals
-@@ -982,18 +1503,150 @@ tunable_policy(`! xserver_object_manager',`
+@@ -982,18 +1504,150 @@ tunable_policy(`! xserver_object_manager',`
  	allow x_domain xevent_type:{ x_event x_synthetic_event } *;
  ')
  
@@ -30235,7 +30245,7 @@ index b50c5fe..2faaaf2 100644
 +/var/webmin(/.*)?		gen_context(system_u:object_r:var_log_t,s0)
 +
 diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
-index 4e94884..55d2481 100644
+index 4e94884..9b82ed0 100644
 --- a/policy/modules/system/logging.if
 +++ b/policy/modules/system/logging.if
 @@ -233,7 +233,7 @@ interface(`logging_run_auditd',`
@@ -30397,7 +30407,7 @@ index 4e94884..55d2481 100644
 +#
 +interface(`logging_relabel_syslog_pid_socket',`
 +	gen_require(`
-+		type devlog_t;
++		type syslogd_var_run_t;
 +	')
 +
 +	allow $1 syslogd_var_run_t:sock_file relabel_sock_file_perms;
diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch
index 13a4016..e8b95e6 100644
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@@ -9774,10 +9774,15 @@ index 4ec0626..88e7e89 100644
  
  userdom_dontaudit_use_unpriv_user_fds(canna_t)
 diff --git a/ccs.if b/ccs.if
-index 5ded72d..c1b4d35 100644
+index 5ded72d..cb94e5e 100644
 --- a/ccs.if
 +++ b/ccs.if
-@@ -102,16 +102,20 @@ interface(`ccs_admin',`
+@@ -98,20 +98,24 @@ interface(`ccs_manage_config',`
+ interface(`ccs_admin',`
+ 	gen_require(`
+ 		type ccs_t, ccs_initrc_exec_t, cluster_conf_t;
+-		type ccs_var_lib_t_t, ccs_var_log_t;
++		type ccs_var_lib_t, ccs_var_log_t;
  		type ccs_var_run_t, ccs_tmp_t;
  	')
  
@@ -12633,7 +12638,7 @@ index 23dc348..7cc536b 100644
  /usr/sbin/condor_collector	--	gen_context(system_u:object_r:condor_collector_exec_t,s0)
  /usr/sbin/condor_master	--	gen_context(system_u:object_r:condor_master_exec_t,s0)
 diff --git a/condor.if b/condor.if
-index 3fe3cb8..b8e08c6 100644
+index 3fe3cb8..5fe84a6 100644
 --- a/condor.if
 +++ b/condor.if
 @@ -1,81 +1,397 @@
@@ -13046,7 +13051,7 @@ index 3fe3cb8..b8e08c6 100644
 +interface(`condor_admin',`
 +    gen_require(`
 +        attribute condor_domain;
-+        type condor_initrc_exec_config_t, condor_log_t;
++        type condor_initrc_exec_t, condor_log_t;
 +        type condor_var_lib_t, condor_var_lock_t, condor_schedd_tmp_t;
 +        type condor_var_run_t, condor_startd_tmp_t;
 +		type condor_unit_file_t;
@@ -20898,7 +20903,7 @@ index 23ab808..4a801b5 100644
  
  /var/lib/misc/dnsmasq\.leases	--	gen_context(system_u:object_r:dnsmasq_lease_t,s0)
 diff --git a/dnsmasq.if b/dnsmasq.if
-index 19aa0b8..531cf03 100644
+index 19aa0b8..1e8b244 100644
 --- a/dnsmasq.if
 +++ b/dnsmasq.if
 @@ -10,7 +10,6 @@
@@ -21107,11 +21112,12 @@ index 19aa0b8..531cf03 100644
  ')
  
  ########################################
-@@ -267,12 +354,17 @@ interface(`dnsmasq_spec_filetrans_pid',`
+@@ -267,12 +354,18 @@ interface(`dnsmasq_spec_filetrans_pid',`
  interface(`dnsmasq_admin',`
  	gen_require(`
  		type dnsmasq_t, dnsmasq_lease_t, dnsmasq_var_run_t;
 -		type dnsmasq_initrc_exec_t, dnsmasq_var_log_t;
++        type dnsmasq_var_log_t;
 +		type dnsmasq_initrc_exec_t;
 +		type dnsmasq_unit_file_t;
  	')
@@ -21127,7 +21133,7 @@ index 19aa0b8..531cf03 100644
  	init_labeled_script_domtrans($1, dnsmasq_initrc_exec_t)
  	domain_system_change_exemption($1)
  	role_transition $2 dnsmasq_initrc_exec_t system_r;
-@@ -281,9 +373,13 @@ interface(`dnsmasq_admin',`
+@@ -281,9 +374,13 @@ interface(`dnsmasq_admin',`
  	files_list_var_lib($1)
  	admin_pattern($1, dnsmasq_lease_t)
  
@@ -23594,7 +23600,7 @@ index 5cf6ac6..0fc685b 100644
 +	allow $1 firewalld_unit_file_t:service all_service_perms;
  ')
 diff --git a/firewalld.te b/firewalld.te
-index c8014f8..64e18e1 100644
+index c8014f8..2888d51 100644
 --- a/firewalld.te
 +++ b/firewalld.te
 @@ -21,11 +21,20 @@ logging_log_file(firewalld_var_log_t)
@@ -23619,7 +23625,15 @@ index c8014f8..64e18e1 100644
  dontaudit firewalld_t self:capability sys_tty_config;
  allow firewalld_t self:fifo_file rw_fifo_file_perms;
  allow firewalld_t self:unix_stream_socket { accept listen };
-@@ -40,11 +49,21 @@ allow firewalld_t firewalld_var_log_t:file read_file_perms;
+@@ -33,6 +42,7 @@ allow firewalld_t self:udp_socket create_socket_perms;
+ 
+ manage_dirs_pattern(firewalld_t, firewalld_etc_rw_t, firewalld_etc_rw_t)
+ manage_files_pattern(firewalld_t, firewalld_etc_rw_t, firewalld_etc_rw_t)
++manage_lnk_files_pattern(firewalld_t, firewalld_etc_rw_t, firewalld_etc_rw_t)
+ 
+ allow firewalld_t firewalld_var_log_t:file append_file_perms;
+ allow firewalld_t firewalld_var_log_t:file create_file_perms;
+@@ -40,11 +50,21 @@ allow firewalld_t firewalld_var_log_t:file read_file_perms;
  allow firewalld_t firewalld_var_log_t:file setattr_file_perms;
  logging_log_filetrans(firewalld_t, firewalld_var_log_t, file)
  
@@ -23641,7 +23655,7 @@ index c8014f8..64e18e1 100644
  
  corecmd_exec_bin(firewalld_t)
  corecmd_exec_shell(firewalld_t)
-@@ -53,20 +72,17 @@ dev_read_urand(firewalld_t)
+@@ -53,20 +73,17 @@ dev_read_urand(firewalld_t)
  
  domain_use_interactive_fds(firewalld_t)
  
@@ -23667,7 +23681,7 @@ index c8014f8..64e18e1 100644
  
  optional_policy(`
  	dbus_system_domain(firewalld_t, firewalld_exec_t)
-@@ -85,6 +101,10 @@ optional_policy(`
+@@ -85,6 +102,10 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -28851,10 +28865,10 @@ index 0000000..f4659d1
 +/var/run/gssproxy\.sock		-s	gen_context(system_u:object_r:gssproxy_var_run_t,s0)
 diff --git a/gssproxy.if b/gssproxy.if
 new file mode 100644
-index 0000000..28263c7
+index 0000000..4bd5abf
 --- /dev/null
 +++ b/gssproxy.if
-@@ -0,0 +1,204 @@
+@@ -0,0 +1,203 @@
 +
 +## <summary>policy for gssproxy</summary>
 +
@@ -28989,7 +29003,6 @@ index 0000000..28263c7
 +	')
 +
 +	systemd_exec_systemctl($1)
-+        systemd_read_fifo_file_password_run($1)
 +	allow $1 gssproxy_unit_file_t:file read_file_perms;
 +	allow $1 gssproxy_unit_file_t:service manage_service_perms;
 +
@@ -29927,6 +29940,21 @@ index ecad9c7..86d790f 100644
  optional_policy(`
  	seutil_use_newrole_fds(irc_t)
  ')
+diff --git a/ircd.if b/ircd.if
+index ade9803..3620c9a 100644
+--- a/ircd.if
++++ b/ircd.if
+@@ -33,8 +33,8 @@ interface(`ircd_admin',`
+ 
+ 	files_search_etc($1)
+ 	admin_pattern($1, ircd_etc_t)
+-
+-	logging_search_log($1)
++ 
++	logging_search_logs($1)
+ 	admin_pattern($1, ircd_log_t)
+ 
+ 	files_search_var_lib($1)
 diff --git a/ircd.te b/ircd.te
 index e9f746e..40e440c 100644
 --- a/ircd.te
@@ -37838,7 +37866,7 @@ index a83894c..481dca3 100644
 +
 +/usr/lib/systemd/system/ModemManager.service		--	gen_context(system_u:object_r:modemmanager_unit_file_t,s0)
 diff --git a/modemmanager.if b/modemmanager.if
-index b1ac8b5..90ca430 100644
+index b1ac8b5..d65017f 100644
 --- a/modemmanager.if
 +++ b/modemmanager.if
 @@ -21,6 +21,30 @@ interface(`modemmanager_domtrans',`
@@ -37860,7 +37888,7 @@ index b1ac8b5..90ca430 100644
 +	')
 +
 +	systemd_exec_systemctl($1)
-+        systemd_read_fifo_file_password_run($1)
++    systemd_read_fifo_file_passwd_run($1)
 +	allow $1 modemmanager_unit_file_t:file read_file_perms;
 +	allow $1 modemmanager_unit_file_t:service manage_service_perms;
 +
@@ -38038,6 +38066,19 @@ index d287fe9..3dc493c 100644
  
  init_dbus_chat_script(mono_t)
  
+diff --git a/monop.if b/monop.if
+index 8fdaece..5440757 100644
+--- a/monop.if
++++ b/monop.if
+@@ -31,7 +31,7 @@ interface(`monop_admin',`
+ 	role_transition $2 monopd_initrc_exec_t system_r;
+ 	allow $2 system_r;
+ 
+-	logging_search_etc($1)
++	logging_search_logs($1)
+ 	admin_pattern($1, monopd_etc_t)
+ 
+ 	files_search_pids($1)
 diff --git a/monop.te b/monop.te
 index 4462c0e..84944d1 100644
 --- a/monop.te
@@ -46701,7 +46742,7 @@ index 8f2ab09..7b8f5ad 100644
 +	allow $1 nscd_unit_file_t:service all_service_perms;
  ')
 diff --git a/nscd.te b/nscd.te
-index df4c10f..2814186 100644
+index df4c10f..8c09c68 100644
 --- a/nscd.te
 +++ b/nscd.te
 @@ -1,36 +1,37 @@
@@ -46851,7 +46892,7 @@ index df4c10f..2814186 100644
  userdom_dontaudit_use_user_terminals(nscd_t)
  userdom_dontaudit_use_unpriv_user_fds(nscd_t)
  userdom_dontaudit_search_user_home_dirs(nscd_t)
-@@ -121,20 +130,30 @@ optional_policy(`
+@@ -121,20 +130,31 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -46881,6 +46922,7 @@ index df4c10f..2814186 100644
 -	udev_read_db(nscd_t)
 +	samba_read_config(nscd_t)
 +	samba_read_var_files(nscd_t)
++    samba_stream_connect_nmbd(nscd_t)
  ')
  
  optional_policy(`
@@ -52601,10 +52643,10 @@ index 96db654..ff3aadd 100644
 +	virt_rw_svirt_dev(pcscd_t)
 +')
 diff --git a/pegasus.fc b/pegasus.fc
-index dfd46e4..0aead56 100644
+index dfd46e4..2e04b85 100644
 --- a/pegasus.fc
 +++ b/pegasus.fc
-@@ -1,15 +1,21 @@
+@@ -1,15 +1,24 @@
 -/etc/Pegasus(/.*)?	gen_context(system_u:object_r:pegasus_conf_t,s0)
 +
 +/etc/Pegasus(/.*)?			gen_context(system_u:object_r:pegasus_conf_t,s0)
@@ -52613,27 +52655,30 @@ index dfd46e4..0aead56 100644
 -/etc/rc\.d/init\.d/tog-pegasus	--	gen_context(system_u:object_r:pegasus_initrc_exec_t,s0)
 +/usr/sbin/cimserver		--	gen_context(system_u:object_r:pegasus_exec_t,s0)
 +/usr/sbin/init_repository	-- 	gen_context(system_u:object_r:pegasus_exec_t,s0)
++
++/var/lib/Pegasus(/.*)?			gen_context(system_u:object_r:pegasus_data_t,s0)
  
 -/usr/sbin/cimserver	--	gen_context(system_u:object_r:pegasus_exec_t,s0)
 -/usr/sbin/init_repository	--	gen_context(system_u:object_r:pegasus_exec_t,s0)
-+/var/lib/Pegasus(/.*)?			gen_context(system_u:object_r:pegasus_data_t,s0)
- 
--/var/cache/Pegasus(/.*)?	gen_context(system_u:object_r:pegasus_cache_t,s0)
 +/var/run/tog-pegasus(/.*)?		gen_context(system_u:object_r:pegasus_var_run_t,s0)
  
--/var/lib/Pegasus(/.*)?	gen_context(system_u:object_r:pegasus_data_t,s0)
+-/var/cache/Pegasus(/.*)?	gen_context(system_u:object_r:pegasus_cache_t,s0)
 +/usr/share/Pegasus/mof(/.*)?/.*\.mof	gen_context(system_u:object_r:pegasus_mof_t,s0)
  
--/var/run/tog-pegasus(/.*)?	gen_context(system_u:object_r:pegasus_var_run_t,s0)
+-/var/lib/Pegasus(/.*)?	gen_context(system_u:object_r:pegasus_data_t,s0)
 +#openlmi agents
 +/usr/libexec/pegasus/cmpiLMI_Account-cimprovagt --  gen_context(system_u:object_r:pegasus_openlmi_account_exec_t,s0)
 +/usr/libexec/pegasus/cmpiLMI_Fan-cimprovagt     --  gen_context(system_u:object_r:pegasus_openlmi_system_exec_t,s0)
 +/usr/libexec/pegasus/cmpiLMI_LogicalFile-cimprovagt --  gen_context(system_u:object_r:pegasus_openlmi_logicalfile_exec_t,s0)
-+/usr/libexec/pegasus/cmpiLMI_Networking-cimprovagt --  gen_context(system_u:object_r:pegasus_openlmi_networking_exec_t,s0)
-+/usr/libexec/pegasus/cmpiLMI_Service-cimprovagt     --  gen_context(system_u:object_r:pegasus_openlmi_service_exec_t,s0)
-+/usr/libexec/pegasus/pycmpiLMI_Storage-cimprovagt   --  gen_context(system_u:object_r:pegasus_openlmi_storage_exec_t,s0)
++/usr/libexec/pegasus/cmpiLMI_Networking-cimprovagt --  gen_context(system_u:object_r:pegasus_openlmi_system_exec_t,s0)
++/usr/libexec/pegasus/cmpiLMI_PowerManagement-cimprovagt --  gen_context(system_u:object_r:pegasus_openlmi_system_exec_t,s0)
++/usr/libexec/pegasus/cmpiLMI_Realmd-cimprovagt      --  gen_context(system_u:object_r:pegasus_openlmi_services_exec_t,s0)
++/usr/libexec/pegasus/cmpiLMI_Service-cimprovagt     --  gen_context(system_u:object_r:pegasus_openlmi_admin_exec_t,s0)
+ 
+-/var/run/tog-pegasus(/.*)?	gen_context(system_u:object_r:pegasus_var_run_t,s0)
  
 -/usr/share/Pegasus/mof(/.*)?/.*\.mof	gen_context(system_u:object_r:pegasus_mof_t,s0)
++/usr/libexec/pegasus/pycmpiLMI_Storage-cimprovagt   --  gen_context(system_u:object_r:pegasus_openlmi_storage_exec_t,s0)
 diff --git a/pegasus.if b/pegasus.if
 index d2fc677..ded726f 100644
 --- a/pegasus.if
@@ -52735,7 +52780,7 @@ index d2fc677..ded726f 100644
  ')
 +
 diff --git a/pegasus.te b/pegasus.te
-index 7bcf327..b6885d4 100644
+index 7bcf327..f36e1ae 100644
 --- a/pegasus.te
 +++ b/pegasus.te
 @@ -1,17 +1,16 @@
@@ -52759,21 +52804,24 @@ index 7bcf327..b6885d4 100644
  type pegasus_cache_t;
  files_type(pegasus_cache_t)
  
-@@ -30,20 +29,199 @@ files_type(pegasus_mof_t)
+@@ -30,20 +29,213 @@ files_type(pegasus_mof_t)
  type pegasus_var_run_t;
  files_pid_file(pegasus_var_run_t)
  
 +# pegasus openlmi providers
++pegasus_openlmi_domain_template(admin)
++typealias pegasus_openlmi_admin_t alias pegasus_openlmi_service_t;
++
 +pegasus_openlmi_domain_template(account)
 +pegasus_openlmi_domain_template(logicalfile)
-+pegasus_openlmi_domain_template(networking)
-+pegasus_openlmi_domain_template(service)
++pegasus_openlmi_domain_template(services)
 +
 +pegasus_openlmi_domain_template(storage)
 +type pegasus_openlmi_storage_tmp_t;
 +files_tmp_file(pegasus_openlmi_storage_tmp_t)
 +
 +pegasus_openlmi_domain_template(system)
++typealias pegasus_openlmi_system_t alias pegasus_openlmi_networking_t;
 +pegasus_openlmi_domain_template(unconfined)
 +
 +#######################################
@@ -52862,26 +52910,38 @@ index 7bcf327..b6885d4 100644
 +    # so we want to have unconfined_domain attribute for filename rules
 +    unconfined_domain(pegasus_openlmi_logicalfile_t)
 +')
++######################################
++#
++# pegasus openlmi networking local policy
++#
++
++optional_policy(`
++    dbus_system_bus_client(pegasus_openlmi_services_t)
++')
++
++optional_policy(`
++    realmd_dbus_chat(pegasus_openlmi_services_t)
++')
 +
 +######################################
 +#
 +# pegasus openlmi networking local policy
 +#
 +
-+allow pegasus_openlmi_networking_t self:capability { net_admin };
++allow pegasus_openlmi_system_t self:capability { net_admin };
 +
-+allow pegasus_openlmi_networking_t self:netlink_route_socket r_netlink_socket_perms;;
-+allow pegasus_openlmi_networking_t self:udp_socket create_socket_perms;
++allow pegasus_openlmi_system_t self:netlink_route_socket r_netlink_socket_perms;;
++allow pegasus_openlmi_system_t self:udp_socket create_socket_perms;
 +
-+dev_rw_sysfs(pegasus_openlmi_networking_t)
-+dev_read_urand(pegasus_openlmi_networking_t)
++dev_rw_sysfs(pegasus_openlmi_system_t)
++dev_read_urand(pegasus_openlmi_system_t)
 +
 +optional_policy(`
-+    dbus_system_bus_client(pegasus_openlmi_networking_t)
++    dbus_system_bus_client(pegasus_openlmi_system_t)
++')
 +
-+    optional_policy(`
-+        networkmanager_dbus_chat(pegasus_openlmi_networking_t)
-+    ')
++optional_policy(`
++    networkmanager_dbus_chat(pegasus_openlmi_system_t)
 +')
 +
 +######################################
@@ -52889,20 +52949,19 @@ index 7bcf327..b6885d4 100644
 +# pegasus openlmi service local policy
 +#
 +
++init_disable_services(pegasus_openlmi_admin_t)
++init_enable_services(pegasus_openlmi_admin_t)
++init_reload_services(pegasus_openlmi_admin_t)
++init_exec(pegasus_openlmi_admin_t)
 +
-+init_disable_services(pegasus_openlmi_service_t)
-+init_enable_services(pegasus_openlmi_service_t)
-+init_reload_services(pegasus_openlmi_service_t)
-+init_exec(pegasus_openlmi_service_t)
-+
-+systemd_config_all_services(pegasus_openlmi_service_t)
-+systemd_manage_all_unit_files(pegasus_openlmi_service_t)
-+systemd_manage_all_unit_lnk_files(pegasus_openlmi_service_t)
++systemd_config_all_services(pegasus_openlmi_admin_t)
++systemd_manage_all_unit_files(pegasus_openlmi_admin_t)
++systemd_manage_all_unit_lnk_files(pegasus_openlmi_admin_t)
 +
 +allow pegasus_openlmi_service_t self:udp_socket create_socket_perms;
 +
 +optional_policy(`
-+    dbus_system_bus_client(pegasus_openlmi_service_t)
++    dbus_system_bus_client(pegasus_openlmi_admin_t)
 +')
 +
 +######################################
@@ -52964,7 +53023,7 @@ index 7bcf327..b6885d4 100644
  allow pegasus_t pegasus_conf_t:lnk_file read_lnk_file_perms;
  
  manage_dirs_pattern(pegasus_t, pegasus_cache_t, pegasus_cache_t)
-@@ -54,22 +232,22 @@ files_var_filetrans(pegasus_t, pegasus_cache_t, { dir file lnk_file })
+@@ -54,22 +246,22 @@ files_var_filetrans(pegasus_t, pegasus_cache_t, { dir file lnk_file })
  manage_dirs_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
  manage_files_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
  manage_lnk_files_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
@@ -52995,7 +53054,7 @@ index 7bcf327..b6885d4 100644
  
  kernel_read_network_state(pegasus_t)
  kernel_read_kernel_sysctls(pegasus_t)
-@@ -80,27 +258,21 @@ kernel_read_net_sysctls(pegasus_t)
+@@ -80,27 +272,21 @@ kernel_read_net_sysctls(pegasus_t)
  kernel_read_xen_state(pegasus_t)
  kernel_write_xen_state(pegasus_t)
  
@@ -53028,7 +53087,7 @@ index 7bcf327..b6885d4 100644
  
  corecmd_exec_bin(pegasus_t)
  corecmd_exec_shell(pegasus_t)
-@@ -114,6 +286,7 @@ files_getattr_all_dirs(pegasus_t)
+@@ -114,6 +300,7 @@ files_getattr_all_dirs(pegasus_t)
  
  auth_use_nsswitch(pegasus_t)
  auth_domtrans_chk_passwd(pegasus_t)
@@ -53036,7 +53095,7 @@ index 7bcf327..b6885d4 100644
  
  domain_use_interactive_fds(pegasus_t)
  domain_read_all_domains_state(pegasus_t)
-@@ -128,18 +301,25 @@ init_stream_connect_script(pegasus_t)
+@@ -128,18 +315,25 @@ init_stream_connect_script(pegasus_t)
  logging_send_audit_msgs(pegasus_t)
  logging_send_syslog_msg(pegasus_t)
  
@@ -53068,7 +53127,7 @@ index 7bcf327..b6885d4 100644
  ')
  
  optional_policy(`
-@@ -151,16 +331,24 @@ optional_policy(`
+@@ -151,16 +345,24 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -53097,7 +53156,7 @@ index 7bcf327..b6885d4 100644
  ')
  
  optional_policy(`
-@@ -168,7 +356,7 @@ optional_policy(`
+@@ -168,7 +370,7 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -53120,7 +53179,7 @@ index 0000000..7b54c39
 +/var/run/pesign\.pid    --  gen_context(system_u:object_r:pesign_var_run_t,s0)
 diff --git a/pesign.if b/pesign.if
 new file mode 100644
-index 0000000..c20674c
+index 0000000..26b1f0c
 --- /dev/null
 +++ b/pesign.if
 @@ -0,0 +1,103 @@
@@ -53181,7 +53240,7 @@ index 0000000..c20674c
 +	')
 +
 +	systemd_exec_systemctl($1)
-+        systemd_read_fifo_file_password_run($1)
++    systemd_read_fifo_file_passwd_run($1)
 +	allow $1 pesign_unit_file_t:file read_file_perms;
 +	allow $1 pesign_unit_file_t:service manage_service_perms;
 +
@@ -56706,7 +56765,7 @@ index c0e8785..c0e0959 100644
 +/var/spool/postfix/bounce(/.*)? gen_context(system_u:object_r:postfix_spool_bounce_t,s0)
  /var/spool/postfix/flush(/.*)?	gen_context(system_u:object_r:postfix_spool_flush_t,s0)
 diff --git a/postfix.if b/postfix.if
-index 2e23946..589bbf2 100644
+index 2e23946..e9ac366 100644
 --- a/postfix.if
 +++ b/postfix.if
 @@ -1,4 +1,4 @@
@@ -57145,7 +57204,7 @@ index 2e23946..589bbf2 100644
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -478,30 +479,84 @@ interface(`postfix_domtrans_postqueue',`
+@@ -478,30 +479,85 @@ interface(`postfix_domtrans_postqueue',`
  		type postfix_postqueue_t, postfix_postqueue_exec_t;
  	')
  
@@ -57198,6 +57257,7 @@ index 2e23946..589bbf2 100644
 +interface(`postfix_domtrans_postgqueue',`
 +    gen_require(`
 +            type postfix_postgqueue_t;
++            type postfix_postgqueue_exec_t;
 +    ')
 +        domtrans_pattern($1, postfix_postgqueue_exec_t,postfix_postgqueue_t)
 +')
@@ -57240,7 +57300,7 @@ index 2e23946..589bbf2 100644
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -514,13 +569,12 @@ interface(`postfix_exec_postqueue',`
+@@ -514,13 +570,12 @@ interface(`postfix_exec_postqueue',`
  		type postfix_postqueue_exec_t;
  	')
  
@@ -57255,7 +57315,7 @@ index 2e23946..589bbf2 100644
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -533,13 +587,13 @@ interface(`postfix_create_private_sockets',`
+@@ -533,13 +588,13 @@ interface(`postfix_create_private_sockets',`
  		type postfix_private_t;
  	')
  
@@ -57271,7 +57331,7 @@ index 2e23946..589bbf2 100644
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -552,13 +606,14 @@ interface(`postfix_manage_private_sockets',`
+@@ -552,13 +607,14 @@ interface(`postfix_manage_private_sockets',`
  		type postfix_private_t;
  	')
  
@@ -57288,7 +57348,7 @@ index 2e23946..589bbf2 100644
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -571,14 +626,12 @@ interface(`postfix_domtrans_smtp',`
+@@ -571,14 +627,12 @@ interface(`postfix_domtrans_smtp',`
  		type postfix_smtp_t, postfix_smtp_exec_t;
  	')
  
@@ -57304,7 +57364,7 @@ index 2e23946..589bbf2 100644
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -586,7 +639,7 @@ interface(`postfix_domtrans_smtp',`
+@@ -586,7 +640,7 @@ interface(`postfix_domtrans_smtp',`
  ##	</summary>
  ## </param>
  #
@@ -57313,7 +57373,7 @@ index 2e23946..589bbf2 100644
  	gen_require(`
  		attribute postfix_spool_type;
  	')
-@@ -607,11 +660,11 @@ interface(`postfix_getattr_all_spool_files',`
+@@ -607,11 +661,11 @@ interface(`postfix_getattr_all_spool_files',`
  #
  interface(`postfix_search_spool',`
  	gen_require(`
@@ -57327,7 +57387,7 @@ index 2e23946..589bbf2 100644
  ')
  
  ########################################
-@@ -626,11 +679,11 @@ interface(`postfix_search_spool',`
+@@ -626,11 +680,11 @@ interface(`postfix_search_spool',`
  #
  interface(`postfix_list_spool',`
  	gen_require(`
@@ -57341,7 +57401,7 @@ index 2e23946..589bbf2 100644
  ')
  
  ########################################
-@@ -645,17 +698,16 @@ interface(`postfix_list_spool',`
+@@ -645,17 +699,16 @@ interface(`postfix_list_spool',`
  #
  interface(`postfix_read_spool_files',`
  	gen_require(`
@@ -57362,7 +57422,7 @@ index 2e23946..589bbf2 100644
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -665,11 +717,31 @@ interface(`postfix_read_spool_files',`
+@@ -665,11 +718,31 @@ interface(`postfix_read_spool_files',`
  #
  interface(`postfix_manage_spool_files',`
  	gen_require(`
@@ -57396,7 +57456,7 @@ index 2e23946..589bbf2 100644
  ')
  
  ########################################
-@@ -693,8 +765,8 @@ interface(`postfix_domtrans_user_mail_handler',`
+@@ -693,8 +766,8 @@ interface(`postfix_domtrans_user_mail_handler',`
  
  ########################################
  ## <summary>
@@ -57407,7 +57467,7 @@ index 2e23946..589bbf2 100644
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -710,37 +782,137 @@ interface(`postfix_domtrans_user_mail_handler',`
+@@ -710,37 +783,137 @@ interface(`postfix_domtrans_user_mail_handler',`
  #
  interface(`postfix_admin',`
  	gen_require(`
@@ -64824,10 +64884,10 @@ index 70ab68b..e97da31 100644
  /var/lib/quantum(/.*)?	gen_context(system_u:object_r:quantum_var_lib_t,s0)
  
 diff --git a/quantum.if b/quantum.if
-index afc0068..5fb7731 100644
+index afc0068..7b3cfad 100644
 --- a/quantum.if
 +++ b/quantum.if
-@@ -2,41 +2,292 @@
+@@ -2,41 +2,293 @@
  
  ########################################
  ## <summary>
@@ -65056,6 +65116,7 @@ index afc0068..5fb7731 100644
 +#
 +interface(`quantum_stream_connect',`
 +	gen_require(`
++        type quantum_t;
 +		type quantum_var_lib_t;
 +	')
 +
@@ -80163,7 +80224,7 @@ index 0000000..92c3638
 +
 +sysnet_dns_name_resolve(smsd_t)
 diff --git a/smstools.if b/smstools.if
-index cbfe369..085ac13 100644
+index cbfe369..6594af3 100644
 --- a/smstools.if
 +++ b/smstools.if
 @@ -1,5 +1,81 @@
@@ -80248,6 +80309,15 @@ index cbfe369..085ac13 100644
  ########################################
  ## <summary>
  ##	All of the rules required to
+@@ -32,7 +108,7 @@ interface(`smstools_admin',`
+ 	role_transition $2 smsd_initrc_exec_t system_r;
+ 	allow $2 system_r;
+ 
+-	files_search_config($1)
++	files_search_etc($1)
+ 	admin_pattern($1, smsd_conf_t)
+ 
+ 	files_search_var_lib($1)
 diff --git a/snapper.fc b/snapper.fc
 new file mode 100644
 index 0000000..3f412d5
@@ -95127,7 +95197,7 @@ index 36e32df..3d08962 100644
 +    manage_dirs_pattern($1, zarafa_var_lib_t, zarafa_var_lib_t)
  ')
 diff --git a/zarafa.te b/zarafa.te
-index a4479b1..1d12d58 100644
+index a4479b1..7a9f1b6 100644
 --- a/zarafa.te
 +++ b/zarafa.te
 @@ -1,4 +1,4 @@
@@ -95250,7 +95320,7 @@ index a4479b1..1d12d58 100644
  manage_dirs_pattern(zarafa_server_t, zarafa_server_tmp_t, zarafa_server_tmp_t)
  manage_files_pattern(zarafa_server_t, zarafa_server_tmp_t, zarafa_server_tmp_t)
  files_tmp_filetrans(zarafa_server_t, zarafa_server_tmp_t, { file dir })
-@@ -109,70 +117,78 @@ files_var_lib_filetrans(zarafa_server_t, zarafa_var_lib_t, { file dir lnk_file }
+@@ -109,70 +117,80 @@ files_var_lib_filetrans(zarafa_server_t, zarafa_var_lib_t, { file dir lnk_file }
  
  stream_connect_pattern(zarafa_server_t, zarafa_indexer_var_run_t, zarafa_indexer_var_run_t, zarafa_indexer_t)
  
@@ -95307,9 +95377,10 @@ index a4479b1..1d12d58 100644
 -corenet_tcp_sendrecv_smtp_port(zarafa_spooler_t)
 +
 +auth_use_nsswitch(zarafa_spooler_t)
-+
-+########################################
-+#
+ 
+ ########################################
+ #
+-# Zarafa domain local policy
 +# zarafa_gateway local policy
 +#
 +corenet_tcp_bind_pop_port(zarafa_gateway_t)
@@ -95317,8 +95388,8 @@ index a4479b1..1d12d58 100644
 +#######################################
 +#
 +# zarafa-ical local policy
-+#
-+
+ #
+ 
 +corenet_tcp_bind_http_cache_port(zarafa_ical_t)
 +
 +######################################
@@ -95326,13 +95397,12 @@ index a4479b1..1d12d58 100644
 +# zarafa-monitor local policy
 +#
 +
- 
- ########################################
- #
--# Zarafa domain local policy
++
++########################################
++#
 +# zarafa domains local policy
- #
- 
++#
++
 +# bad permission on /etc/zarafa
  allow zarafa_domain self:capability { kill dac_override chown setgid setuid };
 -allow zarafa_domain self:process { setrlimit signal };
@@ -95351,10 +95421,11 @@ index a4479b1..1d12d58 100644
 -
  dev_read_rand(zarafa_domain)
  dev_read_urand(zarafa_domain)
--
+ 
 -logging_send_syslog_msg(zarafa_domain)
 -
 -miscfiles_read_localization(zarafa_domain)
++dev_read_sysfs(zarafa_domain)
 diff --git a/zebra.fc b/zebra.fc
 index 28ee4ca..e1b30b2 100644
 --- a/zebra.fc
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 745f844..5e39906 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.12.1
-Release: 68%{?dist}
+Release: 69%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -538,6 +538,25 @@ SELinux Reference policy mls base module.
 %endif
 
 %changelog
+* Wed Jul 31 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-69
+- Add more aliases in pegasus.te
+- Add more fixes for *_admin interfaces
+- Add interface fixes
+- Allow nscd to stream connect to nmbd
+- Allow gnupg apps to write to pcscd socket
+- Add more fixes for openlmi provides. Fix naming and support for additionals
+- Allow fetchmail to resolve host names
+- Allow firewalld to interact also with lnk files labeled as firewalld_etc_rw_t
+- Add labeling for cmpiLMI_Fan-cimprovagt
+- Allow net_admin for glusterd
+- Allow telepathy domain to create dconf with correct labeling in /home/userX/.cache/
+- Add pegasus_openlmi_system_t
+- Fix puppet_domtrans_master() to make all puppet calling working in passenger.te
+- Fix corecmd_exec_chroot()
+- Fix logging_relabel_syslog_pid_socket interface
+- Fix typo in unconfineduser.te
+- Allow system_r to access unconfined_dbusd_t to run hp_chec
+
 * Tue Jul 30 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-68
 - Allow xdm_t to act as a dbus client to itsel
 - Allow fetchmail to resolve host names